at the first i want say i dont speak about original porteus files and modules but about i484, x86_64 item in forum where can i download packages or any user.

i see that some peoples put here precompiled packages, and mirror sites i know that any user can download it and try, use it but are this packages trusted? some people are from porteus and are ok but have i can know this packages are clean?

there are not md5, sha256 checksums or truested sources

i vote for publish original binary source files from witch this packages are created

donald wrote:^
If I (would) package some malware, I would surely also provide the appropriate (whichever) checksum.
lol

Sites like Mint now release the checksums off site across multiple places for people to cross reference , so the hacker would have to instantly hack each mirror at release for all the hacked copys to match.